<?php
//пароль
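// Refuse direct requests to this file: it is meant to run only after the
// including script has defined INWEB. header() merely queues the redirect, so
// without an explicit exit the database-modifying code below would still run
// for a direct request.
if (!defined('INWEB'))
{
    header("Location: ../index.php");
    exit;
}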
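// Group / access-right administration page.
// Dispatches on $_GET['a']: 'add' (t=g: new group, t=a: new access column),
// 'edit' (save the grid), 'del' (delete a group or drop an access column);
// anything else renders the editable grid of all groups.
// Uses $sql, $Lang, $page, getVar() and msg(), all supplied by the including script.
//
// NOTE(review): none of the state-changing actions here carries an anti-CSRF
// token, and the delete actions are triggered by a plain GET link with
// &confirm. Confirm whether the including framework enforces a token; if not,
// these should become POST requests protected by one.
// NOTE(review): values returned by getVar() are placed inside quoted SQL string
// literals below. That is only safe if getVar() escapes them for SQL, which is
// not visible in this file - verify, or switch to prepared statements if the
// $sql wrapper offers them.

// Escapes a value for HTML text and double-quoted attribute context.
// double_encode is off so that a value which already contains entities (for
// instance if getVar() entity-encodes on input - not visible here) is not
// re-encoded on every save. The charset follows the PHP configuration.
$escHtml=function($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES, (string)ini_get('default_charset'), false);
};
// Quotes a MySQL identifier. String escaping does not neutralise a backtick
// inside a backtick-quoted name; doubling it does.
$quoteIdent=function($name)
{
    return '`'.str_replace('`','``',(string)$name).'`';
};
// $page as it appears inside href/action attributes.
$pageUrl=$escHtml(urlencode((string)$page));

if(isset($_GET['a']) && $_GET['a']==='add')
{
    if(isset($_GET['t']) && $_GET['t']==='g')
    {
        // Column list of `groups`: id, name, and every other column is treated
        // as an on/off flag (rendered as a checkbox).
        $sql->query("DESCRIBE `groups`;");
        $fields=array();
        while($field=$sql->fetch_array())
        {
            $fields[]=$field['Field'];
        }
        if($_POST)
        {
            try
            {
                $name=getVar('name');
                $sql->query("INSERT INTO `groups` (`name`) VALUES ('$name');");
                $nId=$sql->getId();

                // Collect one assignment per flag column for the new row.
                $sets=array();
                foreach($fields as $field)
                {
                    if($field==='id' || $field==='name') continue;
                    $sets[]=$quoteIdent($field).'=\''.getVar($field,'bool',true).'\'';
                }
                // With no flag columns there is nothing to set; the original
                // would have sent "UPDATE groups SET WHERE ..." here.
                if($sets)
                {
                    $sql->query("UPDATE `groups` SET ".implode(',',$sets)." WHERE id='$nId';");
                }
                msg($Lang['success'],$Lang['group_added']);
            }
            catch(Exception $e)
            {
                msg($Lang['error'],$e->getMessage(),'error');
            }
        }
        else
        {
            echo '<form method="post" action="?p='.$pageUrl.'&a=add&t=g"><table border="1">';
            // Header row: column names (stored data, so escaped on output).
            echo '<tr>';
            foreach($fields as $field)
            {
                if($field==='id') continue;
                echo '<td>'.$escHtml($field).'</td>';
            }
            echo '</tr>';
            // Input row: text box for the name, checkbox for every flag column.
            echo '<tr>';
            foreach($fields as $field)
            {
                if($field==='id') continue;
                if($field==='name') echo '<td><input type="text" name="name" /></td>';
                else echo '<td><input type="checkbox" name="'.$escHtml($field).'" /></td>';
            }
            echo '</tr>';
            echo '</table><input type="button" class="yt_button" value="'.$Lang['add'].'" onclick="submit();"/></form>';
        }
    }
    else if(isset($_GET['t']) && $_GET['t']==='a')
    {
        if($_POST)
        {
            try
            {
                // The submitted name becomes a column name, i.e. an SQL
                // identifier, so it is identifier-quoted rather than trusted.
                $name=getVar('name');
                $column=$quoteIdent($name);
                $sql->query("ALTER TABLE `groups` ADD COLUMN $column  tinyint(1) UNSIGNED NOT NULL DEFAULT 0;");

                // Switch the new flag on for every group whose checkbox was ticked.
                $qr=$sql->query("SELECT id FROM groups;");
                while($row=$sql->fetch_array($qr))
                {
                    if(isset($_POST[$row['id']])&&$_POST[$row['id']]=='on')
                        $sql->query("UPDATE groups SET $column='1' WHERE id='{$row['id']}'");
                }
                msg($Lang['success'],$Lang['access_added']);
            }
            catch(Exception $e)
            {
                msg($Lang['error'],$e->getMessage(),'error');
            }
        }
        else
        {
            echo '<form method="post" action="?p='.$pageUrl.'&a=add&t=a"><table border="1">';
            echo '<tr><td>'.$Lang['name'].'</td><td><input type="text" name="name" /></td></tr>';
            $sql->query("SELECT id, name FROM groups;");
            while($row=$sql->fetch_array())
            {
                echo '<tr><td>'.$escHtml($row['name']).'</td><td><input type="checkbox" name="'.$escHtml($row['id']).'" /></td></tr>';
            }
            echo '</table><input type="button" class="yt_button" value="'.$Lang['add'].'" onclick="submit();"/></form>';
        }
    }
}
else if(isset($_GET['a']) && $_GET['a']==='edit')
{
    // Only a submitted form may rewrite the table. Without this guard a plain
    // GET of ?a=edit finds no checkbox fields in $_POST and therefore resets
    // every flag of every group to 0. The grid form always posts its hidden id
    // and name fields, so a genuine submission is never empty.
    if($_POST)
    {
        $sql->query("DESCRIBE `groups`;");
        $a_hdr=array();
        while($hdr=$sql->fetch_array())
        {
            $a_hdr[]=$hdr['Field'];
        }
        $qry=$sql->query("SELECT id FROM groups");
        while($grp=$sql->fetch_array($qry))
        {
            foreach($a_hdr as $hdr)
            {
                if($hdr==='id') continue;
                // Form fields are named "<group id>_<column>".
                $posted=isset($_POST[$grp['id'].'_'.$hdr]);
                if($hdr==='name')
                {
                    if($posted)
                    {
                        $name=getVar($grp['id'].'_name');
                        $sql->query("UPDATE `groups` SET `name`='$name' WHERE `id`='{$grp['id']}';");
                    }
                }
                else
                {
                    // An unticked checkbox is simply absent from the POST data.
                    $flag=$posted?'1':'0';
                    $sql->query("UPDATE `groups` SET ".$quoteIdent($hdr)."='$flag' WHERE `id`='{$grp['id']}';");
                }
            }
        }
        msg($Lang['success'],$Lang['updated']);
    }
    echo '<br /><a href="?p='.$pageUrl.'">Back</a>';
}
else if(isset($_GET['a']) && $_GET['a']==='del' && isset($_GET['id']))
{
    $id=getVar('id');
    $t=getVar('t');
    // msg() is handed HTML markup below, so the request-supplied id is escaped
    // before it is embedded in a message or a link.
    $idHtml=$escHtml($id);
    $idUrl=$escHtml(urlencode((string)$id));
    if($t=='g')
    {
        if(isset($_GET['confirm']))
        {
            $sql->query("DELETE FROM `groups` WHERE `id`='$id'");
            // NOTE(review): num_rows() is the wrapper's call; whether it reports
            // affected rows for a DELETE is not visible here - confirm.
            if($sql->num_rows())
            {
                msg($Lang['success'], sprintf($Lang['group_deleted'],$idHtml));
            }
            else
            {
                msg($Lang['error'], $Lang['failed_del_group'].$idHtml.'.','error');
            }
        }
        else
        {
            msg($Lang['warning'],$Lang['are_u_sure_del_group'].$idHtml.'?<br /> <a href="?p='.$pageUrl.'&a=del&id='.$idUrl.'&t=g&confirm">'.$Lang['yes'].'</a>/<a href="?p='.$pageUrl.'">'.$Lang['no'].'</a>','warning');
        }
    }
    else
    {
        if(isset($_GET['confirm']))
        {
            // Here the id is a column name taken from the URL, so it is
            // identifier-quoted before it reaches the ALTER TABLE.
            // NOTE(review): nothing stops `id` or `name` themselves from being
            // dropped (the grid offers a delete link for every column).
            $sql->query("ALTER TABLE `groups` DROP COLUMN ".$quoteIdent($id));
            // NOTE(review): for an ALTER TABLE num_rows() presumably reports no
            // rows, which would send a successful drop to the failure message -
            // confirm against the wrapper.
            if($sql->num_rows())
            {
                msg($Lang['success'], sprintf($Lang['access_deleted'],$idHtml));
            }
            else
            {
                msg($Lang['error'], $Lang['failed_del_access'].$idHtml.'.','error');
            }
        }
        else
        {
            msg($Lang['warning'],$Lang['are_u_sure_del_access'].$idHtml.'?<br /> <a href="?p='.$pageUrl.'&a=del&id='.$idUrl.'&confirm">'.$Lang['yes'].'</a>/<a href="?p='.$pageUrl.'">'.$Lang['no'].'</a>','warning');
        }
    }
    echo '<br /><a href="?p='.$pageUrl.'">Back</a>';
}
else
{
    // Default view: one editable row per group, one column per table field.
    echo '<form action="?p='.$pageUrl.'&a=edit" method="post"><table border="1"><tr>';
    $sql->query("DESCRIBE `groups`;");
    $a_hdr=array();
    while($hdr=$sql->fetch_array())
    {
        $colName=$hdr['Field'];
        echo '<th>'.$escHtml($colName).'<a href="?p='.$pageUrl.'&a=del&id='.$escHtml(urlencode($colName)).'&t=a"><img src="img/delete.png" title="'.$Lang['delete'].'" alt="'.$Lang['delete'].'" /></a></th>';
        $a_hdr[]=$colName;
    }
    // The first link was never closed in the original markup, nesting the
    // second anchor inside it.
    echo '<th>'.$Lang['actions'].'<a href="?p='.$pageUrl.'&a=add&t=g"><img src="img/add.png" title="'.$Lang['add_group'].'" alt="'.$Lang['add_group'].'" /></a><a href="?p='.$pageUrl.'&a=add&t=a"><img src="img/add.png" title="'.$Lang['add_access'].'" alt="'.$Lang['add_access'].'" /></a></th>';
    echo '</tr>';

    $qry=$sql->query("SELECT * FROM `groups`");
    while($groups=$sql->fetch_row($qry))
    {
        echo '<tr>';
        $id=$groups[0];
        $idHtml=$escHtml($id);
        // Cell position selects the widget: 0 = id, 1 = name, the rest are flags.
        $i=0;
        foreach($groups as $group)
        {
            if($i==0)
            {
                echo '<td><input type="hidden" name="'.$idHtml.'_id" value="'.$idHtml.'" />'.$idHtml.'</td>';
            }
            else if($i==1)
            {
                echo '<td><input type="text" name="'.$idHtml.'_name" value="'.$escHtml($groups[1]).'" /></td>';
            }
            else
            {
                echo '<td><input name="'.$idHtml.'_'.$escHtml($a_hdr[$i]).'" type="checkbox" '.(($group=='1')?'checked="checked"':'').' value="'.$escHtml($group).'"/></td>';
            }
            $i++;
        }
        echo '<td><a href="?p='.$pageUrl.'&a=del&id='.$escHtml(urlencode((string)$id)).'&t=g"><img src="img/delete.png" title="'.$Lang['delete'].'" alt="'.$Lang['delete'].'" /></a></td>';
        echo '</tr>';
    }
    echo '</table>';
    echo '<br /><input type="submit" value="'.$Lang['update'].'" /></form>';
}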
?>